Skip to Main Content
Mastering Kali Linux for Advanced Penetration Testing - Third Edition
book

Mastering Kali Linux for Advanced Penetration Testing - Third Edition

by Vijay Kumar Velu, Robert Beggs
January 2019
Intermediate to advanced content levelIntermediate to advanced
548 pages
12h 7m
English
Packt Publishing
Content preview from Mastering Kali Linux for Advanced Penetration Testing - Third Edition

Creating a Windows-specific exploit

To create a Windows-specific exploit, we must identify the right offset of the EIP. This can be extracted by exploit tools such as patter_offset, which takes the input of the EIP with the same length that was used to create the pattern:

root@kali:/usr/share/metasploit-framework/tools/exploit# ./pattern_offset.rb -q 0x6F43376F -l 4000
[*] Exact match at offset 2002

This means that an offset match was found in the pattern that was created with the EIP. Now, we know that buffer 2002 is enough to crash the server, and we can begin the overflow.

The next step is to find what EIP register stores the opcodes for the JMP ESP assembly. In the Immunity Debugger, view the executable modules and select essfunc.dll ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Mastering Kali Linux for Advanced Penetration Testing, Second Edition - Second Edition

Mastering Kali Linux for Advanced Penetration Testing, Second Edition - Second Edition

Vijay Kumar Velu
Kali Linux 2018: Assuring Security by Penetration Testing - Fourth Edition

Kali Linux 2018: Assuring Security by Penetration Testing - Fourth Edition

Shiva V. N. Parasram, Alex Samm, Damian Boodoo, Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Publisher Resources

ISBN: 9781789340563Supplemental Content